The researchers believe that even two years after the WannaCry attack, out-dated computer systems, lack of investment, and a shortage of skills and awareness in cyber security continue to put NHS hospitals at risk.